password_strength 0.1.5 → 0.1.6

data/CHANGELOG.rdoc

@@ -20,3 +20,12 @@
 
 * jQuery function can accept string instead of selectors
 * Added repetition penalization
+
+== 0.1.5 - March 23 2010
+
+* Added ActiveSupport as dependency
+* Added JavaScript implementation for JavaScript
+
+== 0.1.6 - March 31 2010
+
+* Added :exclude option

data/README.rdoc

@@ -76,6 +76,11 @@ The PasswordStrength also implements the algorithm in the JavaScript.
 
 The API is basically the same!
 
+You can use the <tt>:exclude</tt> option. Only regular expressions are supported for now.
+
+  var strength = PasswordStrength.test("johndoe", "password with whitespaces", {exclude: /\s/});
+  strength.isInvalid();
+
 Additionaly, a jQuery plugin is available.
 
   $.strength("#username", "#password");

data/lib/jquery.strength.js

@@ -1,8 +1,18 @@
 (function($){
-	$.strength = function(username, password, callback) {
+	$.strength = function(username, password, options, callback) {
+	  if (typeof(options) == "function") {
+	    callback = options;
+	    options = {};
+	  } else if (!options) {
+	    options = {};
+	  }
+
 		var usernameField = $(username);
 		var passwordField = $(password);
 		var strength = new PasswordStrength();
+
+		strength.exclude = options["exclude"];
+
 		callback = callback || $.strength.callback;
 
 		var handler = function(){

data/lib/password_strength/active_record/ar2.rb

@@ -19,10 +19,11 @@ module PasswordStrength
       options.reverse_merge!(:level => :good, :with => :username)
 
       raise ArgumentError, "The :with option must be supplied" unless options.include?(:with)
+      raise ArgumentError, "The :exclude options must be an array of string or regular expression" if options[:exclude] && !options[:exclude].kind_of?(Array) && !options[:exclude].kind_of?(Regexp)
       raise ArgumentError, "The :level option must be one of [:weak, :good, :strong]" unless [:weak, :good, :strong].include?(options[:level])
 
       validates_each(attr_names, options) do |record, attr_name, value|
-        strength = PasswordStrength.test(record.send(options[:with]), value)
+        strength = PasswordStrength.test(record.send(options[:with]), value, :exclude => options[:exclude])
         record.errors.add(attr_name, :too_weak, :default => options[:message]) unless strength.valid?(options[:level])
       end
     end

data/lib/password_strength/active_record/ar3.rb

@@ -6,12 +6,13 @@ module ActiveModel # :nodoc:
       end
 
       def validate_each(record, attribute, value)
-        strength = PasswordStrength.test(record.send(options[:with]), value)
+        strength = PasswordStrength.test(record.send(options[:with]), value, :exclude => options[:exclude])
         record.errors.add(attribute, :too_weak, :default => options[:message], :value => value) unless strength.valid?(options[:level])
       end
 
       def check_validity!
         raise ArgumentError, "The :with option must be supplied" unless options.include?(:with)
+        raise ArgumentError, "The :exclude options must be an array of string or regular expression" if options[:exclude] && !options[:exclude].kind_of?(Array) && !options[:exclude].kind_of?(Regexp)
         raise ArgumentError, "The :level option must be one of [:weak, :good, :strong]" unless [:weak, :good, :strong].include?(options[:level])
         super
       end

data/lib/password_strength/base.rb

@@ -5,34 +5,51 @@ module PasswordStrength
     SYMBOL_RE = /[!@#\$%^&*?_~-]/
     UPPERCASE_LOWERCASE_RE = /([a-z].*[A-Z])|([A-Z].*[a-z])/
 
-    # Hold the username that will be matched against password
+    # Hold the username that will be matched against password.
     attr_accessor :username
 
-    # The password that will be tested
+    # The password that will be tested.
     attr_accessor :password
 
-    # The score for the latest test. Will be nil if the password has not been tested.
+    # The score for the latest test. Will be +nil+ if the password has not been tested.
     attr_reader   :score
 
-    # The current test status. Can be +:weak+, +:good+ or +:strong+
+    # The current test status. Can be +:weak+, +:good+, +:strong+ or +:invalid+.
     attr_reader   :status
 
-    def initialize(username, password)
+    # Set what characters cannot be present on password.
+    # Can be a regular expression or array.
+    #
+    #   strength = PasswordStrength.test("john", "password with whitespaces", :exclude => [" ", "asdf"])
+    #   strength = PasswordStrength.test("john", "password with whitespaces", :exclude => /\s/)
+    #
+    # Then you can check the test result:
+    #
+    #   strength.valid?(:weak)
+    #   #=> false
+    #
+    #   strength.status
+    #   #=> :invalid
+    #
+    attr_accessor :exclude
+
+    def initialize(username, password, options = {})
       @username = username.to_s
       @password = password.to_s
       @score = 0
+      @exclude = options[:exclude]
     end
 
     # Check if the password has the specified score.
     # Level can be +:weak+, +:good+ or +:strong+.
-    def valid?(level)
+    def valid?(level = :good)
       case level
       when :strong then
         strong?
       when :good then
         good? || strong?
       else
-        true
+        !invalid?
       end
     end
 
@@ -51,6 +68,11 @@ module PasswordStrength
       status == :good
     end
 
+    # Check if password has invalid characters based on PasswordStrength::Base#exclude.
+    def invalid?
+      status == :invalid
+    end
+
     # Return the score for the specified rule.
     # Available rules:
     #
@@ -109,31 +131,44 @@ module PasswordStrength
       score
     end
 
+    # Run all tests on password and return the final score.
     def test
       @score = 0
-      @score += score_for(:password_size)
-      @score += score_for(:numbers)
-      @score += score_for(:symbols)
-      @score += score_for(:uppercase_lowercase)
-      @score += score_for(:numbers_chars)
-      @score += score_for(:numbers_symbols)
-      @score += score_for(:symbols_chars)
-      @score += score_for(:only_chars)
-      @score += score_for(:only_numbers)
-      @score += score_for(:username)
-      @score += score_for(:sequences)
-      @score += score_for(:repetitions)
-
-      @score = 0 if score < 0
-      @score = 100 if score > 100
-
-      @status = :weak   if score < 35
-      @status = :good   if score >= 35 && score < 70
-      @status = :strong if score >= 70
+
+      if contain_invalid_matches?
+        @status = :invalid
+      else
+        @score += score_for(:password_size)
+        @score += score_for(:numbers)
+        @score += score_for(:symbols)
+        @score += score_for(:uppercase_lowercase)
+        @score += score_for(:numbers_chars)
+        @score += score_for(:numbers_symbols)
+        @score += score_for(:symbols_chars)
+        @score += score_for(:only_chars)
+        @score += score_for(:only_numbers)
+        @score += score_for(:username)
+        @score += score_for(:sequences)
+        @score += score_for(:repetitions)
+
+        @score = 0 if score < 0
+        @score = 100 if score > 100
+
+        @status = :weak   if score < 35
+        @status = :good   if score >= 35 && score < 70
+        @status = :strong if score >= 70
+      end
 
       score
     end
 
+    def contain_invalid_matches? # :nodoc:
+      return false unless exclude
+      regex = exclude
+      regex = /#{exclude.collect {|i| Regexp.escape(i)}.join("|")}/ if exclude.kind_of?(Array)
+      password.to_s =~ regex
+    end
+
     def repetitions(text, size) # :nodoc:
       text = text.mb_chars
       count = 0

data/lib/password_strength/version.rb

@@ -2,7 +2,7 @@ module PasswordStrength
   module Version # :nodoc: all
     MAJOR = 0
     MINOR = 1
-    PATCH = 5
+    PATCH = 6
     STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
   end
 end

data/lib/password_strength.js

@@ -11,37 +11,42 @@ var PasswordStrength = function() {
 
 	this.test = function() {
 		this.score = 0;
-		this.score += this.scoreFor("password_size");
-		this.score += this.scoreFor("numbers");
-		this.score += this.scoreFor("symbols");
-		this.score += this.scoreFor("uppercase_lowercase");
-		this.score += this.scoreFor("numbers_chars");
-		this.score += this.scoreFor("numbers_symbols");
-		this.score += this.scoreFor("symbols_chars");
-		this.score += this.scoreFor("only_chars");
-		this.score += this.scoreFor("only_numbers");
-		this.score += this.scoreFor("username");
-		this.score += this.scoreFor("sequences");
-		this.score += this.scoreFor("repetitions");
-
-		if (this.score < 0) {
-			this.score = 0;
-		}
-
-		if (this.score > 100) {
-			this.score = 100;
-		}
-
-		if (this.score < 35) {
-			this.status = "weak";
-		}
-
-		if (this.score >= 35 && this.score < 70) {
-			this.status = "good";
-		}
 
-		if (this.score >= 70) {
-			this.status = "strong";
+		if (this.containInvalidMatches()) {
+      this.status = "invalid";
+		} else {
+		  this.score += this.scoreFor("password_size");
+  		this.score += this.scoreFor("numbers");
+  		this.score += this.scoreFor("symbols");
+  		this.score += this.scoreFor("uppercase_lowercase");
+  		this.score += this.scoreFor("numbers_chars");
+  		this.score += this.scoreFor("numbers_symbols");
+  		this.score += this.scoreFor("symbols_chars");
+  		this.score += this.scoreFor("only_chars");
+  		this.score += this.scoreFor("only_numbers");
+  		this.score += this.scoreFor("username");
+  		this.score += this.scoreFor("sequences");
+  		this.score += this.scoreFor("repetitions");
+
+  		if (this.score < 0) {
+  			this.score = 0;
+  		}
+
+  		if (this.score > 100) {
+  			this.score = 100;
+  		}
+
+  		if (this.score < 35) {
+  			this.status = "weak";
+  		}
+
+  		if (this.score >= 35 && this.score < 70) {
+  			this.status = "good";
+  		}
+
+  		if (this.score >= 70) {
+  			this.status = "strong";
+  		}
 		}
 
 		return this.score;
@@ -142,16 +147,32 @@ var PasswordStrength = function() {
 		return this.status == "strong";
 	};
 
+	this.isInvalid = function() {
+	  return this.status == "invalid";
+	};
+
 	this.isValid = function(level) {
 		if(level == "strong") {
 			return this.isStrong();
 		} else if (level == "good") {
 			return this.isStrong() || this.isGood();
 		} else {
-			return true;
+			return !this.containInvalidMatches();
 		}
 	};
 
+	this.containInvalidMatches = function() {
+	  if (!this.exclude) {
+	    return false;
+	  }
+
+    if (!this.exclude.test) {
+      return false;
+    }
+
+    return this.exclude.test(this.password.toString());
+	};
+
 	this.sequences = function(text) {
 		var matches = 0;
 		var sequenceSize = 0;

data/lib/password_strength.rb

@@ -10,8 +10,21 @@ module PasswordStrength
   #   strength.weak?
   #   #=> true
   #
-  def self.test(username, password)
-    strength = Base.new(username, password)
+  # You can provide an options hash.
+  #
+  #   strength = PasswordStrength.test("johndoe", "^Str0ng P4ssw0rd$", :exclude => /\s/)
+  #   strength.status
+  #   #=> :invalid
+  #
+  #   strength.invalid?
+  #   #=> true
+  #
+  # You can also provide an array.
+  #
+  #   strength = PasswordStrength.test("johndoe", "^Str0ng P4ssw0rd$", :exclude => [" ", "asdf", "123"])
+  #
+  def self.test(username, password, options = {})
+    strength = Base.new(username, password, options)
     strength.test
     strength
   end

data/test/active_record_test.rb

@@ -66,4 +66,11 @@ class TestActiveRecord < Test::Unit::TestCase
     @user.update_attributes :password => "johndoe"
     assert @user.errors.full_messages.any?
   end
+
+  def test_exclude_option
+    User.validates_strength_of :password, :exclude => /\s/
+
+    @user.update_attributes :password => "^password with whitespaces 1234ASDF$"
+    assert @user.errors.full_messages.any?
+  end
 end

data/test/jquery_strength_test.js

@@ -90,6 +90,16 @@ new Test.Unit.Runner({
 			assertEqual("mypass", strength.password);
 		});
 
+		$("#username").trigger("keydown");
+	}},
+
+	// Exclude option as regular expression
+	testExcludeOption: function() { with(this) {
+    $.strength("#username", "password with whitespaces", {exclude: /\s/}, function(username, password, strength){
+      assertEqual("invalid", strength.status);
+      assert(strength.isInvalid());
+		});
+
 		$("#username").trigger("keydown");
 	}}
 });

data/test/password_strength_test.js

@@ -24,15 +24,17 @@ new Test.Unit.Runner({
 		assert(strength.isValid("good"));
 		assertEqual(false, strength.isWeak());
 		assertEqual(false, strength.isStrong());
+		assertEqual(false, strength.isInvalid());
 	}},
 
 	// Weak strength
 	testWeakStrength: function() { with(this) {
 		strength.status = "weak";
 		assert(strength.isWeak());
-		assert(strength.isValid("weak"));
-		assertEqual(false, strength.isStrong());
-		assertEqual(false, strength.isGood());
+    assert(strength.isValid("weak"));
+    // assertEqual(false, strength.isStrong());
+    // assertEqual(false, strength.isGood());
+    // assertEqual(false, strength.isInvalid());
 	}},
 
 	// Strong strength
@@ -43,6 +45,7 @@ new Test.Unit.Runner({
 		assert(strength.isValid("good"));
 		assertEqual(false, strength.isWeak());
 		assertEqual(false, strength.isGood());
+		assertEqual(false, strength.isInvalid());
 	}},
 
 	// Short password
@@ -240,5 +243,16 @@ new Test.Unit.Runner({
 	// Four char repetition
 	testFourCharRepetition: function() { with(this) {
 		assertEqual(4, strength.repetitions("abcdabcdabcd", 4));
+	}},
+
+	// Exclude option as regular expression
+	testExcludeOptionAsRegularExpression: function() { with(this) {
+    strength.password = "password with whitespaces";
+    strength.exclude = /\s/;
+    strength.test();
+
+    assertEqual("invalid", strength.status);
+    assert(strength.isInvalid());
+    assertEqual(false, strength.isValid());
 	}}
 });

data/test/password_strength_test.rb

@@ -223,4 +223,18 @@ class TestPasswordStrength < Test::Unit::TestCase
     # expected: §£€à, £€à§, €à§£, ৣ€
     assert_equal 4, @strength.repetitions("§£€à§£€à§£€à", 4)
   end
+
+  def test_exclude_option_as_regular_expression
+    @strength = PasswordStrength.test("johndoe", "^Str0ng P4ssw0rd$", :exclude => /\s/)
+    assert_equal :invalid, @strength.status
+    assert @strength.invalid?
+    assert_equal false, @strength.valid?
+  end
+
+  def test_exclude_option_as_array
+    @strength = PasswordStrength.test("johndoe", "asdfasdfasdf", :exclude => ["asdf", "123"])
+    assert_equal :invalid, @strength.status
+    assert @strength.invalid?
+    assert_equal false, @strength.valid?
+  end
 end

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 1
-  - 5
-  version: 0.1.5
+  - 6
+  version: 0.1.6
 platform: ruby
 authors: 
 - Nando Vieira
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-03-23 00:00:00 -03:00
+date: 2010-03-31 00:00:00 -03:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency